You mean, ICMP logs? I have plenty raw ICMP logs. If you are only after playout reports - why not use the standardised SMPTE server logs? I would also have hundreds of these from our Sony.

Sure, send some through..
I am digging into the logs more then just what the security logs surface. So in general, I am also analyzing the native logs of each of the systems.
For example, you can see user interaction, when shows play, when automation fire. Not just if a CPL played.

But yes, I am after ICMP logs..
I don;t have Sony API, so it has not been implemented.
But if some one sends me the API, I'll look into it. But really I need access to a device for testing, and as there are NO Sony projectors in my Country, that is more then difficult.

@Carsten, do you know what SMPTE Document covers the security log specifications?

DO you think storing the security log data more than just CPL activity is worth while? Thumbprints? a FrameSequencePlayer (Per reel) with start frame, CPL, trackfile id, KDMMessageId? I was not intending too..

I don;t see a use case. This is not a VPF audit tool.

I found the document.. SMPTE ST 430-5:2011, helped a lot. Thanks for the advice.
When I do make the tool available, I would appreciate if others gave it a try to see if any issues arise. I find that some time the PLAYERS, do some strange stuff.. Such as get some type of error loop, creating a huge amount of security logs. When the quires to pull them errors as they get to big in return size, and I have to dig all the way down to 1 hour in length queries, which makes it super slow. Typically I grab a day at a time. Or more if the player can handle it.

How do you deal with CPL name/SPL name vs. the common UUID reference for CPLs? I have to look it up again, but I remember that at least the SMPTE logs only identify UUIDs, so you need to reference the actual CPLs from a UUID database. No big deal, but... I think the ICMP raw logs are more explicit, but of course also contain a heapload of other information.

The Sony API for requesting the files is not open, true, but it is easy to configure an automatic log file export on the Sony. Our machine exports all logs daily to a shared folder.

The App caches all CPLs into a redis database. Looks them up as it goes. If it cannot find the CPL (To look up its CTT and ContentKind), it searches is local MediaAsset Library database, and if that fails, it asks the Player (API call) and then loads it into the redis cache as its likely to appear multiple times..

I have many logs from Dolby, Doremi, GDC and some ICMP. Are you able to read GDC logs? Aren't them encrypted?

I just send my logs to GDC. I Usually have them back in an hour... two hours tops. They know you are likely at the site and want to get it fixed ASAP...

Since GDC encrypts them (the only ones that do that of the companies we deal with), what choice do you have? Why do they encrypt them?

The tool uses the GDC API, of which I had to sign an NDA, and also the code utilising the API must not be open. The API allows you to query the player directly for SecurityLogs between specific dates. You get them back as RAW XML (Not encrypted). like all the other Players do but typically with SOAP messages, GDC have their own way of doing things. (however, Barco, which requires you to SOAP message then FTP the resulting file created on the Player... )

GDC are particularly difficult. Unlike Dolby, Qube, Barco, were the debug report ZIP file is NOT encrypted, the GDC is, and they are the only people who can pull it apart. But at the end of the day, I expect its just a RAW XML file as part of the debug package in the ZIP like everyone else..

I see mention of people wanting to directly access the SecurityLogs? Is that a need? Why?

I'm interested in server logs reading for troubleshooting: here the experience with GDC mail support is very different than Mark's one (but I don't want to make this thread another GDC vs the rest of the world).

While I support your project, I can think of two of my employers who would consider
sending server logs to anyone for other than their intended purpose, to be a serious
violation of their privacy and NDA policies. Somewhere, I recall a paragraph in one
of my employment agreements specifically mentioning that manually or automatically
generated equipment operation and/or service logs were considered "proprietary information",
and sharing them without authorization could be grounds for termination.
- - again - I've got no problem with it, but some organizations & corporate lawyers
might think otherwise. I'm just sayin.....

I would think, from a legal standpoint, the employer would have that control. The logs could reveal actual activity, possibly specific people operating specific equipment. It would be a form of handing over employee ID swipes too. Which could bring up issues when one submits logs to tech support...just what sort of information are they getting from those logs? Could it be more than JUST operation of the equipment. There is a certain amount of user-activity will come along for the ride anyway but if one wanted to, one could get a decent picture of just when the equipment is in use, when people login and such. It isn't hard to see how simple logs could be used for nefarious things. This makes the GDC encrypted logs all the more discouraging. One can't even know what sorts of information is being collected.

I will say, as someone that has had to plow through logs for when equipment has "screwed up." Woe was the people when the logs showed user intervention and say, the closing manager shut off the system on the credits (just started flippin' breakers) so the show stopped in the credits and thus didn't start the first show of the next day...or that the power wasn't turned on until after the first show start (I've had both, multiple times). This stuff WILL rat you out. It shows when you log in what happened after you did...etc.

I would say the Security Logs, that James is looking for, is probably going to be more guarded. Most would consider the security log to be the audit logs (what content did your run and when...by UUID). That again, could be used to rat-out an exhibitor. In fact, that is what one has to provide if one is suspected of being a camcorder house as it shows what content was run/when and they can match it up to whatever watermarking is on the "evidence."

@Jim, This is a fickle industry and there are historical precedence of non-reported sessions. Due to this strange employee conditions do exist.

However, in general... If you run a server of any kind, it generates LOGs, and there are hundreds of tool to collect and analyse these logs for numerous reasons.

For example, for the VPF it was a requirement to record and send these logs to the VPF entity to audit the use against the greed contractual conditions.

In this day of YouTube and spotify etc were advertisers demand to know the metrics on everything. It is not surprising that in some markets advertising agencies are calling for auditing of the playback of the ads.

Analysis of such logs can also be used to flag unauthorized uses.

Obviously pretty much all data in a company is confidential. Even server logs. But as with all computer systems they are stored and kept safe by staff as it should be for auditing purposes. There is nothing different here.

I have spoken to some looking at this tool as a utility to analyse faults on a system. And as I also, when possible, store other telemetry such as automation queues, user interaction etc. It would likely be even more useful then the SMPTE logs (More of a security requirement for DCI, not intended for engineers and tracking down a problem)

In real terms, there logs are always present in a cinema in the DCI-Players. This tool only gives the cinema operator the ability to make use of this data.